Quickly set up a mail server for a phishing exercise

mail-server Dec 08, 2018

Setting up a mail server is a tedious and complex task. Follow the tutorial below to set up a mail server using Postfix, iRedMail, Dovecot, RoundCube and LetsEncrypt on a Debian/Ubuntu based system. This tutorial assumes that you are doing the installation on a fresh system with at least 2GB of RAM.
Why these tools:
Postfix - SMTP server to send your emails.
OpenDKIM - DKIM signing service that helps your outgoing mail pass spam filters. It works in tandem with Postfix.
Dovecot - IMAP server to receive email.
iRedMail - full-fledged mail server bundle that installs and wires the components together.
LetsEncrypt - a free, automated, and open Certificate Authority.

Pre-Installation Steps
SSH into the system and update all the system software:
sudo apt update && sudo apt upgrade -y

Set up the DNS records as below:

Record Type   Host      Value
A             @         ServerIP
A             www       ServerIP
A             mail      ServerIP
MX            @         mail.Domain
TXT           @         v=spf1 a mx a:mail.Domain a:Domain ip4:ServerIP ~all
TXT           _dmarc    v=DMARC1; p=none

Set the fully qualified domain name (FQDN) using the hostnamectl command:
sudo hostnamectl set-hostname mail.example.com
Modify the /etc/hosts file as below:
127.0.0.1 mail.example.com localhost
In a new SSH session verify the change by executing hostname -f; it should print mail.example.com.

Generate an SSL certificate for the mail server and webmail using LetsEncrypt.
Follow the instructions provided here to install LetsEncrypt and certbot.
Here we will generate a wildcard SSL certificate using the DNS challenge; certbot will ask you to publish a TXT record for _acme-challenge. Follow the on-screen instructions to successfully deploy the SSL certificate.

certbot certonly \
    --manual --preferred-challenges=dns \
    --email username@domain.com \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    --domain *.example.com --domain www.example.com

Installation Steps

After the pre-installation steps, we start the main setup process:
Installing iRedMail
Download and install the latest version of iRedMail from here

wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-y.z.tar.bz2
tar -xvf iRedMail-y.z.tar.bz2
cd iRedMail-y.z/
chmod +x iRedMail.sh
sudo bash iRedMail.sh

Follow the default configuration on the installation screen. We have used the MySQL database backend for this setup.
At the end of the installation you will be presented with the login URL of the web admin panel and the admin credentials to access the mail server.
Reboot the server to apply the changes.
Log in to the webmail admin panel ( https://example.com/iredadmin ) and set up a custom email address to use on the webmail ( https://example.com ).

Configuring the SSL certificate in webmail
Add the SSL certificate we generated earlier to the nginx configuration.
Save and close the file. Then test the nginx configuration and reload nginx:
nginx -t
nginx -s reload

Configuring Postfix and Dovecot
We need to configure Postfix and Dovecot to use the SSL certificate created by LetsEncrypt.

Edit the main configuration file of Postfix:
sudo nano /etc/postfix/main.cf
Modify the following lines to use the LetsEncrypt SSL certificate. The paths below are certbot's default locations for the certificate lineage created above (the wildcard certificate is stored under the base domain name); adjust them if your certbot output shows a different directory.
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/example.com/chain.pem
Save and close the file. Reload Postfix:
sudo postfix reload

Edit the main configuration file of Dovecot:
sudo nano /etc/dovecot/dovecot.conf
Modify the following lines to use the LetsEncrypt SSL certificate (the leading < tells Dovecot to read the value from the file):
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
Save and close the file. Reload Dovecot:
sudo dovecot reload

Generating SPF, DKIM, DMARC and PTR records
To prevent the emails from being flagged as spam, we will set SPF, DMARC, DKIM and PTR records.

We have already set up the SPF and DMARC records.
An SPF (Sender Policy Framework) record specifies which hosts or IP addresses are allowed to send emails on behalf of a domain.
(TXT record, host @, value: v=spf1 a mx a:mail.Domain a:Domain ip4:ServerIP ~all)

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC helps receiving mail servers identify legitimate emails and prevents your domain name from being used in email spoofing.
(TXT record, host _dmarc, value: v=DMARC1; p=none)

DKIM (DomainKeys Identified Mail) uses a private key to add a signature to emails sent from your domain. Receiving SMTP servers verify the signature using the public key published in your DNS manager.
The iRedMail installation script automatically configures DKIM signing on your server; the only thing that remains is to add the DKIM record in the DNS manager.
We can print the public key using the command below:
sudo amavisd-new showkeys
Then in the DNS manager create a TXT record with the value it prints.

Record Type   Host              Value
TXT           dkim._domainkey   dkim-public-key

A pointer record, or PTR record, maps an IP address to a FQDN. It’s the counterpart to the A record and is used for reverse DNS lookup.
Set the reverse DNS record in the control panel of the hosting provider.
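As an added example (not part of the original tutorial), here is a small Python checker that parses the SPF, DMARC and DKIM records from the tables above and reports what a receiving server would conclude from them: the SPF result for unlisted senders, whether the DMARC policy actually enforces (the tutorial's p=none only requests reports), and whether a DKIM key is published. The domain, IP address and DKIM key are constructed placeholders.

```python
import re

# Constructed sample records: the tutorial's DNS table with placeholder domain, IP and key.
SPF_RECORD = "v=spf1 a mx a:mail.example.com a:example.com ip4:203.0.113.10 ~all"
DMARC_RECORD = "v=DMARC1; p=none"
DKIM_RECORD = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholder"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF record into (result, mechanism, value) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if ":" not in term and "=" in term:  # modifier such as redirect=
            name, _, value = term.partition("=")
            parsed.append(("modifier", name.lower(), value))
            continue
        result = "pass"  # a bare mechanism carries the implicit '+' qualifier
        if term[0] in QUALIFIERS:
            result, term = QUALIFIERS[term[0]], term[1:]
        mech, _, value = term.partition(":")
        parsed.append((result, mech.lower(), value))
    return parsed

def spf_all_policy(record):
    """Result a receiver applies to a sender that matches no listed source."""
    for result, mech, _ in parse_spf(record):
        if mech == "all":
            return result  # '~all' from the tutorial's record gives softfail
    return "neutral"  # RFC 7208: a record without an 'all' term is neutral

def _tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    return {k.lower(): v.strip() for k, v in re.findall(r"([A-Za-z]+)\s*=\s*([^;]*)", record)}

def parse_dmarc(record):
    """Report the DMARC policy; only quarantine and reject actually enforce."""
    tags = _tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    policy = tags.get("p", "none").lower()
    return {"policy": policy, "enforcing": policy in ("quarantine", "reject"),
            "reporting": "rua" in tags}

def parse_dkim(record):
    """Check the published DKIM key; an empty p= tag means the key is revoked."""
    tags = _tags(record)
    return {"key_type": tags.get("k", "rsa"), "revoked": tags.get("p", "") == ""}
```

Feed it the TXT values returned by your DNS provider (or by dig) after propagation to confirm the records were published as intended.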

Note: It may take some time for the DNS records to propagate across the internet.

The installation is complete. The next step is to test the email score and spamminess.

Test email score and spamminess
Use the sources below to check the email score of the newly set up mail server.
Mail-Tester - Test the Spammyness of the emails
MXToolBox - Check the Deliverability Report
DMARCanalyzer - DKIM record checker
GlockApps - Spam testing tool

That's all for now!
Enjoy your own custom mail server. 👍🏻

Eshan

Cyber Security Professional • Offensive Infrastructure • Anime Addict • Love to Travel • Co-creator of rescure.fruxlabs.com •